Common Criteria Background Information

What is the Common Criteria EAL4+?

Let's separate the question into three parts: "Common Criteria", "EAL4", and "EAL4+":

  • Common Criteria

    The Common Criteria represents the outcome of efforts to develop criteria for evaluation of IT security that are widely useful within the international community. It is an alignment and development of a number of source criteria: the existing European, US and Canadian Criteria (ITSEC, TCSEC and CTCPEC respectively).

    In the United States, NIST and NSA have the following objectives in developing, operating, and maintaining an evaluation and validation scheme:

    • To meet the needs of government and industry for cost-effective evaluation of IT products;
    • To encourage the formation of commercial security testing laboratories and the development of a private sector security testing industry;
    • To ensure that security evaluations of IT products are performed to consistent standards;
    • To improve the availability of evaluated IT products.

    More information: About Common Criteria, About Common Criteria Evaluation

  • EAL4

    EAL stands for Common Criteria Evaluation Assurance Level. EAL1 is the entry level. Up to EAL4, increasing rigour and detail are introduced, but without introducing significantly specialized security engineering techniques. EAL1 through EAL4 can generally be retrofitted to pre-existing products and systems. EAL4 is the highest level at which it is likely to be economically feasible to retrofit to an existing product line.

  • EAL4+

    EAL4+ stands for "EAL4 augmented". It means that the evaluation covered something beyond the EAL4 scope. The evaluation of StoneGate firewall version 4.2.2 was augmented with Flaw Remediation. This means that the developers have established flaw remediation procedures that describe the tracking of security flaws, the identification of corrective actions, and the distribution of corrective action information to StoneGate users.

    More about Flaw Remediation

Where was the Common Criteria Evaluation performed?

The StoneGate Common Criteria evaluation was performed in the UK by the BT Commercial Evaluation Facility.